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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 

WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication(s) filed on 17 September 2007 . 
2a)E3 This action is FINAL. 2b)D This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) E3 Claim(s) 1,4-9,13,15 and 18-22 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) IEl Claim(s) 1,4-9,13.15 and 18-22 is/are rejected. 
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8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)^1 The drawing(s) filed on 05 February 2004 is/are: a)K accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 
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1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



1. 



Claims 1 5 4-9, 13, 15, 18-22 have been examined. 



Claim Objections 



2. 



Claim 7 and 8 are objected to because of the following informalities: both claims depend 



on a cancelled claim 3. Appropriate correction is required. 



Claim Rejections - 35 USC §102 



3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

4. Claims 1,4-6, 9, 13, 15 and 18-22 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Fernando et al. U.S. Pub. No. 20020196237 (hereinafter Fernando). 

5. As per claim 1, Fernando discloses a method performed by a client comprising: storing a 
secret in a secure storage (Fernando: [0030]: the security circuit initializes the security functions 
to display the secure icon); receiving a password challenge from a server (Fernando: [0039]: the 
PIN entry device allows communication from servers); and responsive to the password challenge 
calling a secure password prompt routine which accesses the secret in the secure storage 
(Fernando: [0030]: when the transaction is initiated, the secure function is initiated to access the 
secure icon), generates an authentication graphic based on the secret (Fernando: [0030]: display 
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of the secure icon), and displays a prompt asking a user for a password, the prompt including the 
authentication graphic which is visible to the user (Fernando: [0028]: the secure icon ensures the 
user that the device is indeed for data entry); wherein the secure password prompt routine 
displays the authentication graphic for all password challenges (Fernando: [0030]: the secure 
circuit is initiated when sensitive data is to be inputted), there being no requirement of an 
association between the server and the authentication graphic (Fernando: [0028]: the 
predetermined icon is used to ensure security of the data entry device). 

6. As per claim 4, Fernando discloses the method of claim 1. Fernando further discloses 
making the authentication graphic known to the user so that the user can identify the 
authentication graphic on the prompt prior to the user inputting a password in response to the 
prompt (Fernando: [0028]: the predetermined security icon allows user to visibly confirm the 
security of PIN entry device). 

7. As per claim 5, Fernando discloses the method of claim 4. Fernando further discloses 
making the authentication graphic known comprises physically attaching the authentication 
graphic to the client (Fernando: [0028]: predetermined security icon). 

8. As per claim 6, Fernando discloses the method of claim 1 . Fernando further discloses 
receiving the password from the user; generating a digest using the received password and 
password challenge; and sending the digest to the server (Fernando: [0032]: the input data is 
encrypted before being transmitted). 
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9. As per claim 21 , Fernando discloses the method of claim 1 . Fernando further discloses 
wherein making the authentication graphic known comprises including the authentication 
graphic in a user manual for the client (Fernando: [0028]: predetermined security icon). 

1 0. As per claim 22, Fernando discloses the method of claim 1 . Fernando further discloses 
wherein the authentication is unique to the client (Fernando: [0036]: separate visible indicator for 
different protected data, e.g. one icon for password entry and different icon for signature, etc.) 

11. As per claim 9, 13, 15, 18-20, claims 9, 13, 15 and 18-20 encompass the same scope as 
claims 1 and 4-6. Therefore, claims 9, 13, 15 and 18-20 are rejected based on the same reason set 
forth above in rejecting claim 1 and 4-6. 

Claim Rejections - 35 USC § 103 

12. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

13. Claims 7 and 8 are rejected under 35 U.S.C. 103(a) as being unpatentable over Fernando 
in view of Gilchrist U.S. Pat. No. 6950949 (hereinafter Gilchrist). 
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14. As per claim 7 5 Fernando discloses the method of claim 4. Fernando does not explicitly 
disclose wherein the secret becomes stored in the secure storage when first entered by the user. 
However, Gilchrist discloses user selects the authentication- graphic and the client device stores 
the authentication graphic upon selection (Gilchrist: column 7 lines 1 1-15). It would have been 
obvious to one having ordinary skill in the art to allow user to select authentication graphic to 
verify whether the security of the password entry device because they are analogous art. 
Therefore, it would have been obvious to one having ordinary skill in the art at the time of 
applicant's invention to combine the teachings of Gilchrist within the system of Fernando 
because it gives users a choice of selecting a preferred image for authentication. 

15. As per claim 8, Fernando discloses the method of claim 4. Fernando does not explicitly 
disclose wherein the secret becomes stored in the secure storage when generated based upon 
information entered by the user. However, Gilchrist discloses user selects the authentication 
graphic and the client device stores the authentication graphic upon selection (Gilchrist: column 
7 lines 11-15). It would have been obvious to one having ordinary skill in the art to allow user to 
select authentication graphic to verify whether the security of the password entry device because 
they are analogous art. Therefore, it would have been obvious to one having ordinary skill in the 
art at the time of applicant's invention to combine the teachings of Gilchrist within the system of 
Fernando because it gives users a choice of selecting a preferred image for authentication. 
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Response to A rguments 

16. Applicant's arguments with respect to claims 1, 4-9, 13, 15 and 18-22 have been 
considered but are moot in view of the new ground(s) of rejection. 

Conclusion 

1 7. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action-. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shin-Hon Chen whose telephone number is (571) 272-3789. The 
examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the. Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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